Introduction
Secure integration between Oracle Fusion ERP and Oracle Integration Cloud (OIC) is essential for automating business workflows while maintaining data protection and access control.
In this guide, we’ll walk you through how to configure OAuth Authorization Code Credentials in OIC Gen 3 to securely invoke Fusion ERP APIs. This setup ensures your integrations are authenticated using modern, token-based security standards, no password sharing, and no manual token refreshes.
Understanding the Setup
OAuth 2.0 provides a secure way to authorize applications to access resources without exposing user credentials.
In this case:
-
Fusion ERP acts as the Resource Server.
-
Oracle Integration Cloud (OIC) acts as the Client Application.
You’ll create both within your Fusion Domain, not the default domain, to enable secure, token-based communication.
Get Your Domain Details
Navigate to Identity & Security → Domains → (Fusion Domain) → Integrated Applications.
Copy your Fusion Domain URL — this will be needed while setting up the connection in OIC later.
Create the Resource Server Application
Go to Integrated Applications → Add Application.
Choose Confidential Application and launch the workflow.
Enter an application name, e.g., <SaaSInstance>_oauth.
Select “Configure this application as a resource server now.”
Enable Allow Refresh Token and set Refresh Token Expiration to 31536000 (1 year).
In the Primary Audience, enter your Fusion Apps URL (e.g., https://<SaaS_URL>:443).
Add a scope:
-
-
Scope:
/ -
Description: All
-
Requires user consent: Checked
-
Click Add → Next → Skip Web Tier Policy → Finish.
-
Activate the application.
-
Create the Client Application
Go to Integrated Applications → Add Application.
Select Confidential Application, name it <SaaSInstance>_oauthclient.
Choose “Configure this application as a client now.”
In Allowed Grant Types, select:
-
-
Authorization Code
-
Refresh Token
-
Enter your Oracle Integration instance URL in the Redirect URL, for example:
⚠️ Use the Service Console URL, not the Design-time URL.
Do not include region or port number.
Add resources → Add scope → select:
-
-
The resource application you created earlier
-
Fusion Application Cloud Service Resource
-
Click Next → Finish → Activate.
Note down the Client ID and Client Secret — you’ll need these in OIC.
Configure the OIC Connection
In Oracle Integration Cloud, create a new connection (ERP, REST, or SOAP Adapter).
Choose Security Policy: OAuth Authorization Code Credentials.
Provide Client Id and Client Secret noted down earlier.
Authorization Code URI:- https://domainurl/oauth2/v1/authorize
Access Token URL: – https://domainurl/oauth2/v1/token
Scope:- https://fusionurl:443/ offlineaccess (make note of the space between / and offlineaccess)
-
Click Provide Consent → login with Fusion credentials → wait for the Authenticated message.
-
Test the connection to confirm successful setup.
For REST and SOAP Connections
Use the same configuration but ensure the Security Policy is set to:
OAuth Authorization Code (Recommended).
All other steps remain identical.
